Jakub Wilk and Raphael Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

Solution: The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10: dpkg-dev 1.15.4ubuntu2.3

Ubuntu 10.04 LTS: dpkg-dev 1.15.5.6ubuntu4.5

Ubuntu 10.10: dpkg-dev 1.15.8.4ubuntu3.1

In general, a standard system update will make all the necessary changes.